Fortinet FortiClient EMS carries a critical unauthenticated remote code execution vulnerability (CVE-2026-35616, CVSS 9.8) that is actively exploited in the wild and listed in the CISA KEV catalog with a federal remediation deadline of April 9, 2026. No credentials or user interaction are required, placing this at the highest possible risk tier for any organization with internet-facing EMS instances. Immediate action required: restrict management interface access at the network perimeter, take unpatched internet-facing instances offline, and apply Fortinet’s patch without waiting for a maintenance window.